I am looking for a pertinent answer regarding Ubuntu versus Debian for servers when it comes to stability and security, not personal preferences.

I am inclined to like Ubuntu because it is more recent packages but the guys from IT are saying that the corporate standard is Debian, not Ubuntu because is more stable.

Is this really true nowdays?

Please try to be as objective as possible, and yes the question is about stability and security - I added both of them because I know that the most "stable" and secure system would be one that it shut-down.

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
If this question can be reworded to fit the rules in the help center, please edit the question.

1

Just as with any question of the "which is better" kind, this one does not have a meaningful, verifiable answer. You choose the distribution which is a good fit for your situation and requirements. As unconditionally superior technology would supplant the inferior one in no time, you can assume that there is no generic kind of "better" with whatever is still available today.
–
the-wabbitMay 15 '12 at 10:54

@syneticon-dj Actually, with the way the question is phrased, it's not even about whether Debian or Ubuntu LTS is a good fit for the OP's situation and requirements; it's about how much ammunition the OP can gather from ServerFault to argue with his IT department, which has already made a judgement that Debian is a better fit for the company's situation.
–
cjcMay 15 '12 at 11:21

1 Answer
1

There will be virtually no difference. Both will be completely stable in the fact that you will be getting NO new software for either, if you are using a released version of either Ubuntu of Debian. You will get only security patches to the old versions or other trivial patches to the old version of the software which it was released with and not new versions. This will not be different for either Debian or Ubuntu, the policies here are the same for both. And this is what makes either choice "stable". One misconception about Debian 'stable' is the meaning of stable. When we label a release as "stable", we do not mean stable as in "not crashing" we mean stable as in "not changing".

One difference will be the life cycle. Ubuntu LTS releases get 5 years of support. The most recent LTS release, 12.04 was last month. It will be supported until 2017. This means that you could install it now, and still be running the same 2012 versions of software in 2017 (but you will get security support for them).

The most recent version of debian was released in February 2011. The next version of debian is about to be "frozen" in order to stabilize it for a release. There is no reliable way to determine when this will actually be released. This is one major difference between debian and ubuntu. Debian will make the next release when this frozen release is virtually free of known release critical bugs. At this point, we have about 700 more to close, as can be seen here. Ubuntu, in contrast, releases on a predictable schedule, regardless of the number of known bugs.

Once Debian makes a release, it will support the previous release for one additional year. If you were to make wild ass guess about when the next Debian release (7.0) will be made, you might randomly guess "December 2012", that would mean that the current release (6.0) would be supported through December 2013, and you'd have until then to upgrade to 7.0. You could make even wilder crazier guess about when the following release would be, and guess "about 2 years" which would mean you would then have until about December 2015 to upgrade from 7.0 to 8.0.

From the "does not change" perspective, the ubuntu LTS cycle has sadly left Debian in the dust... I'd go as far as say that recent release practice has disqualified debian for server use in some applications.
–
rackandbonemanMay 15 '12 at 12:42

@rackandboneman what do you mean by "recent release practice"? Debian hasn't changed the release process in many years, other than to make attempts to make the freeze dates more predictable and announced farther in advance. Other than that, the Debian release procedure has been the same for many many years.
–
stewMay 15 '12 at 12:44

lets say 5.0 had security discontinued before some orgs had deployed it in the first place ;)
–
rackandbonemanMay 15 '12 at 13:26

2

5.0 was no different than 4.0 or 3.1 or 3.0 or 2.2 or 2.1 in that regard, it was supported for 1 full year after the next release was made available. This is always well documented, and these types of announcements are always made on the extremely low traffic debian-announce mailing list: lists.debian.org/debian-announce
–
stewMay 15 '12 at 13:42